Skip to Content.
Sympa Menu

grouper-dev - RE: [grouper-dev] Grouper-provided Entities

Subject: Grouper Developers Forum

List archive

RE: [grouper-dev] Grouper-provided Entities

Chronological Thread 
  • From: "RL 'Bob' Morgan" <>
  • To: Grouper Dev <>
  • Subject: RE: [grouper-dev] Grouper-provided Entities
  • Date: Fri, 28 Oct 2011 00:08:32 -0700 (PDT)

1. You have to be the grouper admin to add a jdbc source, if you are a lowly department programmer, and you want to add some entities, then you will have to ask your central grouper admin, and more than likely, it will either be painful to do this, or they will say no. Or you can create groups to represent entities which can be confusing.

I'm trying to understand this scenario. The Grouper uber-admin has a policy against adding the subjects the dept-admin wants, but because of the Grouper-entities feature the dept-admin is able to circumvent that policy? Would not the Grouper uber-admin also have control over whether the Grouper-entities feature can be used by the dept-admin?

Or is it that Grouper deployers find the implementation of subject sources so difficult that they can't satisfy dept-admin needs even though they want to? So the Grouper-entities feature is an easier/better way of managing Grouper subjects?

2. With a jdbc source, there is no security. Other people who don't care about your entities can look them up and see them

If deployers care about access control for sources, shouldn't sources, y'know, support access control? If a subject source is, for example, an LDAP directory, that certainly can do access control.

- RL "Bob"

Archive powered by MHonArc 2.6.16.

Top of Page